Skip to main content

Deploying VCSA 6.5 to Workstation

Previously to deploy VCSA to Workstation you would need to go through some painful steps to get it going. With 6.5 the process has been a lot more easier. I will go through the steps I’ve taken to just deploy a basic VCSA on Workstation 12 so that you can start playing with it.

My setup:
I used Workstation 12.5.7 build-5813279 running on Windows 10 and VCSA 6.5 ISO Build 7119157 (U1c). Make sure you have a working DNS server where the VCSA appliance can use and resolve to for the VCSA appliance name. 

I am using Windows 10 so I am using the default built-in tool to mount the VCSA ISO. Make a note of which drive letter it has been mounted on
Fire up VMware workstation and select “File > Open”
Browse to the drive where the ISO has been mounted to. Go in to folder "vcsa" and you should see the “ova” file with the name starting with “VMware-vCenter-Server-Appliance-“. Select the file and click "open"
Give the VM the name you want and the location of where you would like this VM to reside. Click “import”
A licence agreement will appear where you have select "Accept" to continue
Once the VM has been deployed. Check if the Network Adapter of the VM is in the correct network for you where it can reach your DNS server and from the terminal where you would be running the web browser to do the final configuration later. Power on the VM once you are happy
For the following section the installation time would vary due to the type of hardware you are running workstation on. For me the process was around ½ hour. So if you watch the console screen you will see that the VM is booting up and going through the installation and at some point you will see this screen for login. DO NOT login at this time as the machine is still installing
You will soon see this familiar screen like a normal ESXi host and again DO NOT login as the machine is still installing 
Once the screen changes to display the text “Root password is not set” then we can press “F2” to start to configure the appliance. You may notice that if you have a DHCP server in your network it may have picked up an IP address.
As soon as you press “F2” you will be asked to change the password, once completed press “Enter”. As far as I can see there is no need for complex password required at this stage so you could have abc123 as password
You will be taken to the familiar screen of configuring a ESXi host. So we will head of the “Configure Management Network” and press “Enter”
Select “IP Configuration” and press “Enter”
Within “IP configuration” screen change to Static if you want to use static or leave it as DHCP if that is what you are using. If you are using DHCP then ensure you mark down the IP address that it has been assigned to. Press “Enter” to confirm any changes or “Esc” if you don’t need to make any
Back at the “Configure Management Network” menu screen go to “DNS Configuration” and press “Enter”
We are now configuring the DNS server where VCSA will use to resolve and the name (IP address or FQDN) for VCSA. Be sure to have this entry in your DNS server to be able to resolve if using name. I have just used IP address to make it simple. Press “enter” to make the changes
When you are back at the “Configure Management Network”. Press “Esc” and you will be prompted to restart the management network. Press “Y” to have the management network restarted
Once the management agent has been restarted you should see the IP address and hostname you have assigned to VCSA. If all the settings are correct then press “Esc” to log out
At the VCSA console screen press “F12” to initiate “shut down/restart” options. Enter password for your root account. Once you have logged in press “F11” to restart the appliance
Once the appliance has rebooted back to the console screen we can now go to a web browser to finish off the appliance build. The URL to go to is https://vcsa_ip_or_fqdn_address:5480. Replace vcsa_ip_or_fqdn_address with your details. You will be presented with the getting started screen. Select “Set up vCenter Server Appliance” to continue
You will be prompt to log in to the appliance as the user root. Supply the password and select “log in”
The introduction screen will appear and you will see that we have completed stage 1 which is to deploy VCSA. We will be working on stage 2 where we are configuring the appliance. Click “next”
It will now pull back the information from the VCSA. As we have assigned a static IP address it will show the details. Change the “Time synchronization mode” to “synchronize time with the ESXi host” and then Click “Next”. If you chose “Time synchronization mode” as “Synchronize time with NTP servers” then you would need to type in the NTP servers
On the SSO configuration screen, type in the Single Sign-On domain name you would like to use. Best to leave default as “vsphere.local”. Type in the password you would like to give for the single sign-on password for the account administrator. Define the site name you would like to use and then select “Next”
Decide if you would like to join VMware’s Customer Experience Improvement Program (CEIP) and then select “Next”
You will now be at the review screen before you start the final installation. Review all the settings before you select “Finish”
You will receive a warning message indicating once you click “OK” you cannot pause or stop the installation
The install will start and you will most likely see this error message appear “Failed to start setup. You can refresh this page, or restart again”. Wait about a minute and press “F5” to refresh the browser window
You should now see the appliance configuring itself now after the browser refresh. Wait till the appliance finish deploying
Once you get this screen it means the appliance has finished setup and you will see an URL you can go to for appliance configuration. If you click “close” it will take you to the getting started web page where you can select which vSphere client to use. The URLs are https://vcsa_ip_or_fqdn_address/ui (html 5 interface with limited funtionality) or https://vcsa_ip_or_fqdn_address/vsphere-client (flash interface)
At this point you can login to the appliance to change the time zone, enable SSH or Bash shell, change password expiry date and time etc by going to https://vcsa_ip_or_fqdn_address:5480 and logging with the root account.

Hopefully this will be a quick easy start for people to try out the vSphere 6.5 appliance on their VMware Workstation. Previously it was quite a hard process to get 6.0 appliance to work in workstation. So far all the functions that I need to test are working OK but if you do come across any errors please let me know. 

Comments

Popular posts from this blog

New Azure KMS IP and domain Addresses for activation

For Windows virtual machines deployed into Azure using marketplace images you may have created rules in your NSG or firewalls to allow the server to communicate the Azure KMS activation service. This used to be kms.core.windows.net and had an IP address of 23.102.135.246. As of March 2023 Microsoft has moved to a new address azkms.core.windows.net and has two IP addresses "20.118.99.224" and "40.83.235.53". The existing address kms.core.windows.net is pointed to the new IP of 40.83.235.53.  So if your servers are having issues with activation please check your rules to ensure they have the new IP addresses and you can resolve the old and new domain names ( azkms.core.windows.net,  kms.core.windows.net)

On board Azure Resources to use Azure AD Privileged Identity Management (PIM)

If you have Azure AD Premium P2 licences one of the reasons would of been to use Privileged Identity Management (PIM) as its a great tool to help provide "just-in-time" privileged access for resources where you don't need permanent access to.  In this article I will be going through how to onboard Azure resources into PIM so that you can control privileged access for your Azure resources as well. This means you can create conditional access policies for certain resources, resource groups, subscriptions or even management groups to ensure users only have the required permissions at the right time.  An example would be, by default you assign reader role for IT operations staff so that they can see all the resources. If they decided they need to make a change they would need to use PIM to activate a particular role you have assigned them which gives them permissions to make the change. As part of activating the role you might want to add some conditions. You might add that u

Visual Studio and Azure Services access behind a firewall

There is an article by Microsoft that lists all the URLs that Visual Studio requires to install or interaction with Azure services if you was behind a firewall or proxy. Obviously you don't have to allow everything through but you can see what you need to allow through if there was something specifically needed. I know after the pandemic most people are working from home and have a direct access to the internet but there are environments where access are still very control behind firewalls. This document provides the URLs, the ports it uses and a brief explanation about why it is needed which is always useful when you are speaking to your security team on why you need to punch another hole through the firewall. https://docs.microsoft.com/en-us/visualstudio/install/install-and-use-visual-studio-behind-a-firewall-or-proxy-server?view=vs-2022 Snippet of web page which list why each of the URLs are required and for what service